The hullabaloo over Oklahoma

No, I’m not talking about the musical. There was an article in the Oklahoma Gazette on the 12th of April that criticized a new antispyware bill being introduced by the Oklahoma Legislature that was written with the assistance of Microsoft.

If you click that “accept” button on the routine user’s agreement, the proposed law would allow any company from whom you bought upgradable software the freedom to come onto your computer for “detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing computer software prescribed under this act.”

The bill, called the Computer Spyware Protection Act (HB 2083) does have some language which indicates that this may be is the case:

Sections 4 and 5 of the Computer Spyware Protection Act shall not apply to the monitoring of, or interaction with, the Internet or other network connection, service, or computer of an owner or operator, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service for network or computer security purposes, diagnostics, technical support, maintenance, repair, network management, authorized updates of computer software or system firmware, authorized remote system management, or detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing computer software prescribed under this act (ed- that's a long phrase).

You can read the bill here and decide for yourself.

My feeling? We don’t need new laws. Believe it or not, we have laws that work just fine for spyware.

Adding new laws to combat spyware does two Bad Things:

1. Introduces the law of unintended consequences, such as may be the case here.

2. Creates the potential of creating a “safe-harbor” for adware companies and the like (remember, by the time these laws get into legislation, they are watered down by lobbyists, such as we saw with CAN-SPAM, a relatively worthless piece of legislation).

What we need is enforcement of existing laws, and we need to give the Feds more power to work across borders to nail pernicious spyware vendors.

And if there was one law I would really like to see introduced, it would be punishment for ISPs who knowingly or indirectly support malware sites on their networks. Why is it you can shut a site down immediately by invoking the dreaded DMCA, but not get it shut down immediately for providing malware?